Snort

Vendor: Sourcefire
Pricing Model: Open Source
Modified: 2008-08-18
Add'l Info: Software
Rating: 3 votes
Favoured: 2
Snort
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc.), or as a full blown network intrusion detection system.

Snort logs packets in either tcpdump(1) binary format or in Sno
Reviews (1)
by Jax, January 11, 2010
Excellent and highly configurable intrusion detection. Flexible enough to fit most hardware configurations and granular enough to allow for a highly customisable installation.

For those that require the ability to create their own signatures, no matter how simple or sophisticated, this is the standard.

No matter how many sensors you wish to deploy, Snort can scale to your needs.

Beware though: with this amount of flexibility comes a price; you have to know what you are doing in order to get the most out of it. Also, if you are deploying a hundred sensors, you must be able to process the information and monitor the sensors' information effectively.
Copyright 2004 through 2009 Computer Network Defence, Ltd.
All rights reserved